
<?php
    session_start();
    $ucode = $_POST['ucode'];
    $username = $_POST['username'];
    $pwd = $_POST['pwd'];
    $i = 0;
//    $_SESSION['username'] = $username;
//    $_SESSION['pwd'] = $pwd;
//    echo $_SESSION['username'];

    if($_SESSION['code']==$ucode){


        $link = mysqli_connect("localhost","root","") or die("数据连接失败");
        mysqli_set_charset($link,"utf8");
        mysqli_select_db($link,"bbs");
        $sql = "select * from user";

        $result = mysqli_query($link,$sql);
//        var_dump($result);
        if($result && mysqli_num_rows($result)>0) {
            $go = false;
            while ($rows = mysqli_fetch_assoc($result)) {


                if ($username == $rows['userName'] && $pwd == $rows['password']) {
                    $go = true;
                    $auth = $rows['auth'];
                    break;
                }

            }
            if ($go) {
                if ($auth == '1') {
                    $i++;
                    $_SESSION['i'] = $_SESSION['i']+$i;
                    $_SESSION['uname'] = $username;
                    echo "<script>alert('登录成功');window.location.href='../index.php'</script>";

                } else {
                    echo "<script>alert('您不是管理员');window.location.href='../login.php'</script>";
                }
            } else {
                echo "<script>alert('账号或密码错误');window.location.href='../login.php'</script>";
            }
        }else{
                die("查询失败!");
            }
            mysqli_close($link);
    }else{
        echo "<script>alert('验证码错误');window.location.href='../login.php'</script>";
    }


